Published: 11/02/2010 Updated: 07/07/2010

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate malicious users to access an unattended workstation on which screen locking had been intended.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome screensaver 2.28.0

Debian Bug report logs - #569667 CVE-2009-4641: allows physically proximate attackers to access an unattended workstation Package: gnome-screensaver; Maintainer for gnome-screensaver is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Source for gnome-screensaver is src:gnome-screensaver (PTS, buildd, popcon ...

It was discovered that gnome-screensaver did not always re-enable itself after applications requested it to ignore idle timers This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session ...

NVD-CWE-Other https://launchpad.net/bugs/411350 http://www.ubuntu.com/usn/USN-866-1 https://bugzilla.gnome.org/show_bug.cgi?id=600488 http://www.mandriva.com/security/advisories?name=MDVSA-2010:040 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569667 https://usn.ubuntu.com/866-1/https://nvd.nist.gov

CVE-2009-4641

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect